
Answer-first summary for fast verification
Answer: Create a Route 53 Resolver inbound endpoint; attach a security group allowing inbound traffic on TCP/UDP port 53 from on-premises DNS servers.
For on-premises servers to resolve records in private hosted zones in AWS over Direct Connect or VPN, create an inbound Resolver endpoint in the VPC. The endpoint provides IP addresses to which the on-premises DNS servers forward queries. Its security group must allow inbound traffic on port 53 (TCP/UDP) from the on-premises CIDR.
Author: LeetQuiz Editorial Team
An on-premises server needs to query records in a Route 53 private hosted zone (example.com) over Direct Connect. What should the SysOps administrator do?
A. Create a Route 53 Resolver inbound endpoint; attach a security group allowing inbound traffic on TCP/UDP port 53 from on-premises DNS servers.
B. Create a Route 53 Resolver inbound endpoint; allow outbound traffic on port 53 to on-premises DNS servers.
C. Create a Route 53 Resolver outbound endpoint; allow inbound traffic on port 53 from on-premises DNS servers.
D. Create a Route 53 Resolver outbound endpoint; allow outbound traffic on port 53 to on-premises DNS servers.